Researcher Documentation

Welcome to the researcherdocs developer hub. You'll find comprehensive guides and documentation to help you start working with researcherdocs as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started

Researcher Dashboard

Your Researcher Dashboard provides you with insights to how you have been performing across all programs. The information you find on your dashboard is very similar to what appears on your researcher profile (<your username>), except with a couple of differences:

  • You can control the visibility of your profile on public facing pages, such as leaderboards.
  • You can drill down into your submission stats by year, last 90 days, and the current month.
  • You can see a breakdown of your vulnerabilities by vulnerability type.

To learn more about performance stats, read more a Researcher Profile.

Set Your Researcher Profile to Public or Private

To share your researcher profile publicly, go to your dashboard and toggle the Public researcher profile option on.

Otherwise, if you toggle the option off, your profile will not be accessible to anyone and you will appear as "Private user" on all publicly facing pages, such as leaderboards.

Your Dashboard

Your dashboard contains the following pieces of information:

  • Your rank
  • The total amount of points you've earned
  • Whether your profile has been verified
  • Your all-time performance stats, which include the number of vulnerabilities you've reported, the accuracy of your submissions, and the severity of the vulnerabilities you've reported
  • A breakdown of the target types you've reported on

Your Rank and Points

Your rank reflects your overall standing compared to other researchers. Your rank is determined by your total number of points compared to other researchers. The more points you have, the higher your rank.

Your Performance Stats

Your performance stats help you understand the quality and volume of your submissions. You can track how you are doing over time or within a certain time frame. Just select a different time range to change the view.

Your performance stats include the following information:

  • Total Vulnerabilities - The total number of valid vulnerabilities. These include submissions marked as unresolved, resolved, duplicate, or won't fix.
  • Accuracy - This measures the percentage of submissions that are valid. This metric is calculated by dividing your total number of valid vulnerabilities submitted over your total number of submissions.
  • Average Severity - This is measured by looking at all of your valid vulnerabilities, adding up the total number by its technical severity, based on a scale from 1 to 4 (1 representing a P1, the most critical vulnerability, and 4 representing a P4, the lowest critical vulnerability) and dividing that number by total valid submissions. *Ex: P1 = 2, P2 = 0, P3 = 3, and P4 = 4 ---> total = 1+1+3+3+3+4+4+4+4 = 28/9 = average technical severity = 3.11
  • Volume of Reported Vulnerabilities - This graph provides a chronological snapshot of your total number of valid and invalid vulnerabilities that you have ever submitted.
  • Submission Type - This tracks the volume of submissions based on the types of vulnerabilities you've submitted and the types of targets you've submitted on.
  • Target Type Breakdown - This tracks the volume of submissions based on the target type (e.g. IoT, Website, API, iOS, Android, Hardware, Other, Not Categorized).

Quick Links Panel

This panel provides quick access to valuable Bugcrowd resources that help provide platform documentation and program guidance. The following resources are provided:

  • Code of Conduct - outlines the expected behavior of all Bugcrowd community members participating in bug bounty programs, Bugcrowd online community offerings such as the Bugcrowd Community Forum and IRC channel #bugcrowd, the Bugcrowd Researcher slack channel, BugBashes, as well as any other programs that may be offered by Bugcrowd.
  • Standard Disclosure Terms - Bugcrowd's standard guidelines and rules of engagement for crowdsourced security program participation. This, along with the program bounty brief outline rules and expectations to be followed when hacking and submitting vulnerabilities on a given program.
  • Researcher Resources - quick access to news, guides, webinars, and other resources on Bugcrowd and the broader crowdsourced security industry.
  • Researcher Documentation - Bugcrowd's Crowdcontrol documentation built to help you better understand the platform.
  • Bugcrowd Blog - all things happening with Bugcrowd including any new program announcements, product and feature launches, bug bounty education, and more.